From 7957200cf2c85ceed6d89a2e334a323016efcc22 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Sun, 12 Feb 2017 09:59:48 -0800
Subject: [PATCH] Plug memory leak in weed-expired-certs code.

X509_STORE_add_cert() creates a copy of the certificate we're offering,
so we need to free our copy afterwards.  This isn't documented, but from
observed behaviour in OpenSSL 1.0.2 and its master branch source code.

Change PEM_read_X509() call to reuse cert to avoid free/reallocation
overhead.
---
 mutt_ssl.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/mutt_ssl.c b/mutt_ssl.c
index 17ba746ca..c63cda5d9 100644
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -95,7 +95,7 @@ static int ssl_negotiate (CONNECTION *conn, sslsockdata*);
 static int ssl_load_certificates (SSL_CTX *ctx)
 {
   FILE *fp;
-  X509 *cert;
+  X509 *cert = NULL;
   X509_STORE *store;
   char buf[STRING];
 
@@ -110,18 +110,20 @@ static int ssl_load_certificates (SSL_CTX *ctx)
   if ((fp = fopen (SslCertFile, "rt")) == NULL)
     return 0;
 
-  while ((cert = PEM_read_X509 (fp, NULL, NULL, NULL)) != NULL)
+  while (NULL != PEM_read_X509 (fp, &cert, NULL, NULL))
   {
     if ((X509_cmp_current_time (X509_get_notBefore (cert)) >= 0) ||
         (X509_cmp_current_time (X509_get_notAfter (cert)) <= 0))
     {
       dprint (2, (debugfile, "ssl_load_certificates: filtering expired cert: %s\n",
               X509_NAME_oneline (X509_get_subject_name (cert), buf, sizeof (buf))));
-      X509_free (cert);
     }
     else
+    {
       X509_STORE_add_cert (store, cert);
+    }
   }
+  X509_free (cert);
   safe_fclose (&fp);
 
   return 1;
-- 
2.40.0